/**
 * Checks that creating a second user with an already-used username and email is refused.
 *
 * <p>The test succeeds only when {@link DuplicateUniquePropertyExistsException} escapes the
 * method, which the {@code expected} attribute of the annotation enforces.
 */
@Test( expected = DuplicateUniquePropertyExistsException.class )
public void duplicateIdentifierTest() throws Exception {
    logger.debug( "duplicateIdentifierTest" );

    final EntityManager entityManager = app.getEntityManager();
    assertNotNull( entityManager );

    // First entity: must be stored successfully.
    final User original = new User();
    original.setUsername( "foobar" );
    original.setEmail( "foobar@usergrid.org" );
    final Entity stored = entityManager.create( original );
    assertNotNull( stored );

    // A second, distinct entity with the same identifiers is what must be rejected.
    // Re-submitting the first object would let the test pass without proving the
    // duplicate check works.
    final User duplicate = new User();
    duplicate.setUsername( "foobar" );
    duplicate.setEmail( "foobar@usergrid.org" );
    entityManager.create( duplicate );
}
/**
 * Stores the credentials of a newly created admin user under the management application
 * and, for ordinary accounts, starts the activation flow.
 *
 * <p>Three credentials are written: a generated OAuth secret key wrapped as plain-text
 * credentials, the supplied user password, and the supplied Mongo password.
 *
 * @param organizationId organization passed on to the activation flow
 * @param user           the already-persisted admin user entity
 * @param userPassword   credentials written as the user's password
 * @param mongoPassword  credentials written as the user's Mongo password
 * @return a {@link UserInfo} built from the user's current properties
 * @throws Exception if writing credentials or starting the activation flow fails
 */
private UserInfo doCreateAdmin( UUID organizationId, User user, CredentialsInfo userPassword,
                                CredentialsInfo mongoPassword ) throws Exception {

    writeUserToken(
            smf.getManagementAppId(),
            user,
            encryptionService.plainTextCredentials(
                    generateOAuthSecretKey( AuthPrincipalType.ADMIN_USER ),
                    user.getUuid(),
                    smf.getManagementAppId() ) );
    writeUserPassword( smf.getManagementAppId(), user, userPassword );
    writeUserMongoPassword( smf.getManagementAppId(), user, mongoPassword );

    UserInfo created = new UserInfo(
            smf.getManagementAppId(),
            user.getUuid(),
            user.getUsername(),
            user.getName(),
            user.getEmail(),
            user.getConfirmed(),
            user.getActivated(),
            user.getDisabled(),
            user.getDynamicProperties(),
            true );

    // The sysadmin login and the test admin account are identified purely by comparing the
    // user's email with two configured properties; those two accounts never enter the
    // activation flow. The flow is also skipped whenever an external SSO provider is enabled.
    // NOTE(review): user.getEmail() is dereferenced without a null check here - confirm that
    // callers always supply an email.
    if ( !( user.getEmail().equals( properties.getProperty( PROPERTIES_SYSADMIN_LOGIN_EMAIL ) )
            || user.getEmail().equals( properties.getProperty( PROPERTIES_TEST_ACCOUNT_ADMIN_USER_EMAIL ) ) )
            && !tokens.isExternalSSOProviderEnabled() ) {
        this.startAdminUserActivationFlow( organizationId, created, false );
    }

    return created;
}
/**
 * Authenticates an application user by name and password.
 *
 * <p>An unknown user and a wrong password produce the same result ({@code null}). The
 * account-state exceptions are raised only after the password has been verified, so a caller
 * without the correct password cannot learn whether an account is unactivated or disabled.
 *
 * @param applicationId application the user belongs to
 * @param name          identifier handed to {@code findUserEntity}
 * @param password      password to verify
 * @return the user when the password matches and the account is usable, otherwise {@code null}
 * @throws UnactivatedAppUserException if the password matches but the user is not activated
 * @throws DisabledAppUserException    if the password matches but the user is disabled
 * @throws Exception                   if the lookup or the verification fails
 */
@Override
public User verifyAppUserPasswordCredentials( UUID applicationId, String name, String password )
        throws Exception {

    final User candidate = findUserEntity( applicationId, name );

    // NOTE(review): the unknown-user path returns before verify(...) runs, so the two failure
    // paths do different amounts of work; whether that difference is observable depends on
    // findUserEntity and verify, which are not shown here.
    if ( candidate == null || !verify( applicationId, candidate.getUuid(), password ) ) {
        return null;
    }

    if ( !candidate.activated() ) {
        throw new UnactivatedAppUserException();
    }
    if ( candidate.disabled() ) {
        throw new DisabledAppUserException();
    }
    return candidate;
}
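/**
 * Authenticates an application user by name and PIN.
 *
 * <p>The supplied PIN is compared with the stored one using
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than
 * {@link String#equals(Object)}, so the comparison does not stop at the first differing
 * character. A {@code null} PIN, or a user with no stored PIN, is treated as a failed
 * attempt instead of raising a {@link NullPointerException}.
 *
 * @param applicationId application the user belongs to
 * @param name          identifier handed to {@code findUserEntity}
 * @param pin           PIN presented by the caller; may be {@code null}
 * @return the user when the PIN matches, otherwise {@code null}
 * @throws Exception if the lookup or reading the stored PIN fails
 */
@Override
public User verifyAppUserPinCredentials( UUID applicationId, String name, String pin ) throws Exception {
    if ( pin == null ) {
        return null;
    }

    User user = findUserEntity( applicationId, name );
    if ( user == null ) {
        return null;
    }

    String storedPin = getCredentialsSecret( readUserPin( applicationId, user.getUuid(), user.getType() ) );
    if ( storedPin == null ) {
        return null;
    }

    // Fully-qualified names are used so that no new import is needed in this file.
    boolean pinMatches = java.security.MessageDigest.isEqual(
            pin.getBytes( java.nio.charset.StandardCharsets.UTF_8 ),
            storedPin.getBytes( java.nio.charset.StandardCharsets.UTF_8 ) );

    // NOTE(review): no activated()/disabled() check is made before the user is returned.
    // Confirm that PIN login is really meant to succeed for unactivated or disabled accounts.
    return pinMatches ? user : null;
}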
/**
 * Creates an admin user entity in the management application and hands it to
 * {@code createAdminFrom} together with its password.
 *
 * <p>Defaults applied here: a blank password is replaced by the URL-safe Base64 encoding of a
 * random UUID's bytes; a {@code null} username or name falls back to the email address.
 *
 * @param organizationId organization passed on to {@code createAdminFrom}
 * @param username       login name, or {@code null} to use {@code email}
 * @param name           display name, or {@code null} to use {@code email}
 * @param email          email address of the new admin
 * @param password       initial password; blank means "generate one"
 * @param activated      initial activated flag
 * @param disabled       initial disabled flag
 * @param userProperties extra properties for the entity, or {@code null}
 * @return whatever {@code createAdminFrom} returns for the stored user
 * @throws Exception if entity creation or credential setup fails
 */
protected UserInfo createAdminUserInternal( UUID organizationId, String username, String name, String email,
                                            String password, boolean activated, boolean disabled,
                                            Map<String, Object> userProperties ) throws Exception {

    // NOTE(review): username, email and name are written to the debug log.
    logger.debug( "createAdminUserInternal - username: {}, email: {}, name: {}", username, email, name );

    final String effectivePassword =
            isBlank( password ) ? encodeBase64URLSafeString( bytes( UUID.randomUUID() ) ) : password;
    final String effectiveUsername = ( username == null ) ? email : username;
    final String effectiveName = ( name == null ) ? email : name;

    EntityManager managementEm = emf.getEntityManager( smf.getManagementAppId() );

    User admin = new User();
    admin.setUsername( effectiveUsername );
    admin.setName( effectiveName );
    admin.setEmail( email );
    admin.setActivated( activated );
    // Confirmed up front unless new admin users are required to confirm.
    admin.setConfirmed( !newAdminUsersRequireConfirmation() );
    admin.setDisabled( disabled );

    if ( userProperties != null ) {
        // Keep a caller-supplied 'password' property out of the entity's property set.
        // NOTE(review): this removes the key from the caller's own map, and fails on an
        // unmodifiable map.
        userProperties.remove( "password" );
        admin.setProperties( userProperties );
    }

    User stored = managementEm.create( admin );
    return createAdminFrom( organizationId, stored, effectivePassword );
}
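/**
 * Exercises setting, verifying and changing an application user's password.
 *
 * <p>Both verification calls are asserted. Without the second assertion the test would still
 * pass if the password change had silently not taken effect.
 */
@Test
public void authenticateUser() throws Exception {
    String username = uniqueUsername();
    String password = "test";
    String orgName = uniqueOrg();
    String appName = uniqueApp();

    Entity appInfo = setup.getEmf().createApplicationV2( orgName, appName );
    UUID appId = appInfo.getUuid();

    User user = new User();
    user.setActivated( true );
    user.setUsername( username );

    EntityManager em = setup.getEmf().getEntityManager( appId );
    User storedUser = em.create( user );

    // NOTE(review): the refresh uses `applicationId`, which is not a local of this method,
    // while everything else uses `appId` - confirm that this is the intended application.
    setup.getEntityIndex().refresh(applicationId);

    UUID userId = storedUser.getUuid();

    // set the initial password
    setup.getMgmtSvc().setAppUserPassword( appId, userId, password );

    // the initial password must authenticate the stored user
    User authedUser = setup.getMgmtSvc().verifyAppUserPasswordCredentials( appId, username, password );
    assertEquals( userId, authedUser.getUuid() );

    // change the password, supplying the old one
    String newPassword = "test2";
    setup.getMgmtSvc().setAppUserPassword( appId, userId, password, newPassword );

    setup.getEntityIndex().refresh(applicationId);

    // the new password must authenticate the same user
    authedUser = setup.getMgmtSvc().verifyAppUserPasswordCredentials( appId, username, newPassword );
    assertEquals( userId, authedUser.getUuid() );
}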
/**
 * Checks permission matching for paths that use the "me" placeholder while a fake
 * application user is bound as the current subject.
 */
@Test
public void userMeSubstitution() {
    final User currentUser = new User();
    currentUser.setUuid( UUIDUtils.newTimeUUID() );
    currentUser.setUsername( "testusername" );

    final UUID appId = UUIDUtils.newTimeUUID();

    // Bind a subject whose only principal is the fake application user.
    final UserInfo userInfo = new UserInfo( appId, currentUser.getProperties() );
    final ApplicationUserPrincipal appUserPrincipal = new ApplicationUserPrincipal( appId, userInfo );
    final SimplePrincipalCollection principals = new SimplePrincipalCollection( appUserPrincipal, "usergrid" );
    final Subject boundSubject =
            new Subject.Builder( SecurityUtils.getSecurityManager() ).principals( principals ).buildSubject();
    setSubject( boundSubject );

    // An identifier that merely starts with "me" is matched literally.
    testImplies( true, "/users/mefake@usergrid.org/**", "/users/mefake@usergrid.org/permissions" );

    // "me" in the granted permission is expected to cover the user's username ...
    final String pathByUsername = String.format( "/users/%s/permissions", currentUser.getUsername() );
    testImplies( true, "/users/me/**", pathByUsername );

    // ... and the user's UUID.
    final String pathByUuid = String.format( "/users/%s/permissions", currentUser.getUuid() );
    testImplies( true, "/users/me/**", pathByUuid );
}
/**
 * Creates 20 users and checks that reading the "users" collection returns them as
 * {@link User} instances, in the reverse of their creation order.
 */
@Test
public void runtimeTypeCorrect() throws Exception {
    logger.debug( "runtimeTypeCorrect" );

    EntityManager entityManager = app.getEntityManager();
    assertNotNull( entityManager );

    int size = 20;
    List<User> createdUsers = new ArrayList<User>();

    for ( int n = 0; n < size; n++ ) {
        User template = new User();
        template.setEmail( String.format( "test%d@usergrid.com", n ) );
        template.setUsername( String.format( "test%d", n ) );
        template.setName( String.format( "test%d", n ) );

        User stored = entityManager.create( template );
        createdUsers.add( stored );
    }

    app.waitForQueueDrainAndRefreshIndex();

    Results results = entityManager.getCollection(
            entityManager.getApplicationRef(), "users", null, 50, Level.ALL_PROPERTIES, false );

    logger.info( JsonUtils.mapToFormattedJsonString( results.getEntities() ) );

    assertEquals( size, results.size() );

    // The i-th created user is expected at position (size - i - 1) of the result list,
    // and every returned entity must carry the concrete User runtime type.
    for ( int n = 0; n < size; n++ ) {
        final Entity returned = results.getEntities().get( size - n - 1 );
        assertEquals( createdUsers.get( n ).getUuid(), returned.getUuid() );
        assertTrue( returned instanceof User );
    }
}
/**
 * Builds a per-user workflow link for an application and appends the given token to it.
 *
 * <p>{@code url} is used as a {@link String#format(String, Object...)} template and receives,
 * in order: the organization name, the application name passed through
 * {@code StringUtils.stringOrSubstringAfterFirst(name, '/')}, and the user's UUID. The token
 * is then appended verbatim as {@code ?token=...}.
 *
 * <p>NOTE(review): the token is neither URL-encoded nor checked here, and the result is
 * malformed if the template already contains a query string. A token carried in a query
 * string also tends to be recorded wherever URLs are logged, so the tokens passed in should
 * be short-lived - confirm against the token-issuing code.
 *
 * @param applicationId application whose name and organization are looked up
 * @param url           format template for the link
 * @param user          user whose UUID is placed in the link
 * @param token         token appended as the {@code token} query parameter
 * @return the formatted link followed by {@code ?token=} and the token
 * @throws Exception if the application or organization lookup fails
 */
protected String buildUserAppUrl( UUID applicationId, String url, User user, String token ) throws Exception {
    final ApplicationInfo application = getApplicationInfo( applicationId );
    final OrganizationInfo organization = getOrganizationForApplication( applicationId );

    final String link = String.format(
            url,
            organization.getName(),
            StringUtils.stringOrSubstringAfterFirst( application.getName(), '/' ),
            user.getUuid().toString() );

    return link + "?token=" + token;
}
/**
 * Checks the JSON form of a {@link User} and that properties parsed from JSON, including a
 * nested object, are readable through the entity's accessors.
 */
@SuppressWarnings("unchecked")
@Test
public void testJson() throws Exception {

    // Serialization: a user with a single dynamic property.
    User serialized = new User();
    serialized.setProperty( "foo", "bar" );
    assertEquals( "{\"type\":\"user\",\"foo\":\"bar\"}", JsonUtils.mapToJsonString( serialized ) );

    // Flat JSON: one schema property (username) and one dynamic property.
    String flatJson = "{\"username\":\"edanuff\", \"bar\" : \"baz\" }";
    Map<String, Object> flatProperties = ( Map<String, Object> ) JsonUtils.parse( flatJson );

    User fromFlat = new User();
    fromFlat.addProperties( flatProperties );
    assertEquals( "edanuff", fromFlat.getUsername() );
    assertEquals( "baz", fromFlat.getProperty( "bar" ) );

    // Nested JSON: the nested object must come back as a Map.
    String nestedJson = "{\"username\":\"edanuff\", \"foo\" : {\"a\":\"bar\", \"b\" : \"baz\" } }";
    Map<String, Object> nestedProperties = ( Map<String, Object> ) JsonUtils.parse( nestedJson );

    User fromNested = new User();
    fromNested.addProperties( nestedProperties );
    assertEquals( "edanuff", fromNested.getUsername() );
    assertTrue( Map.class.isAssignableFrom( fromNested.getProperty( "foo" ).getClass() ) );
    assertEquals( "baz", ( ( Map<String, Object> ) fromNested.getProperty( "foo" ) ).get( "b" ) );
}
}
/**
 * Checks the default schema's mapping between entity type names and classes, and that typed
 * accessors and the generic property map stay in step.
 */
@Test
public void testEntityClasses() throws Exception {
    logger.info( "testEntityClasses" );

    Schema schema = Schema.getDefaultSchema();

    // Type name <-> class mapping.
    assertEquals( "group", schema.getEntityType( Group.class ) );
    assertEquals( User.class, schema.getEntityClass( "user" ) );

    // A known type name yields the typed entity class.
    Entity typed = EntityFactory.newEntity( null, "user" );
    assertEquals( User.class, typed.getClass() );

    // The setter and the property map must reflect each other.
    User typedUser = ( User ) typed;
    typedUser.setUsername( "testuser" );
    assertEquals( typedUser.getUsername(), typedUser.getProperty( "username" ) );

    typedUser.setProperty( "username", "blahblah" );
    assertEquals( "blahblah", typedUser.getUsername() );

    // An unknown type name yields a DynamicEntity.
    Entity dynamic = EntityFactory.newEntity( null, "foobar" );
    assertEquals( DynamicEntity.class, dynamic.getClass() );

    Map<String, Object> values = new LinkedHashMap<String, Object>();
    values.put( Schema.PROPERTY_UUID, new UUID( 1, 2 ) );
    values.put( "foo", "bar" );
    dynamic.setProperties( values );

    assertEquals( new UUID( 1, 2 ), dynamic.getUuid() );
    assertEquals( new UUID( 1, 2 ), dynamic.getProperty( Schema.PROPERTY_UUID ) );
    assertEquals( "bar", dynamic.getProperty( "foo" ) );
}
/**
 * Signs a JWT with a freshly generated RSA private key and checks that a provider
 * configured with the matching public key returns token info for it.
 *
 * <p>Only the success path is covered: the single assertion is that the returned token info
 * is not {@code null}.
 */
@Test
public void testBasicOperation() throws Exception {

    // Throwaway key pair for this test only.
    // NOTE(review): 1024-bit RSA is below the 2048-bit minimum in current guidance. It is
    // tolerable for a short-lived fixture, but a 2048-bit key would keep the test in line
    // with what a deployment should use.
    KeyPair keyPair = RsaProvider.generateKeyPair(1024);
    PublicKey verificationKey = keyPair.getPublic();
    PrivateKey signingKey = keyPair.getPrivate();

    // The provider is given only the public key, which is all it needs for verification.
    ApigeeSSO2Provider provider = new MockApigeeSSO2Provider();
    provider.setManagement( setup.getMgmtSvc() );
    provider.setPublicKey( verificationKey );

    // User, claims and a signed token; the expiry passed to createClaims is now + 10000 ms.
    User user = createUser();
    long exp = System.currentTimeMillis() + 10000;
    Map<String, Object> claims = createClaims( user.getUsername(), user.getEmail(), exp );
    String token = Jwts.builder()
            .setClaims(claims)
            .signWith( SignatureAlgorithm.RS256, signingKey)
            .compact();

    // The provider must accept the token and hand back token info.
    // NOTE(review): the meaning of the 86400L argument is not visible in this method.
    TokenInfo tokenInfo = provider.validateAndReturnTokenInfo( token, 86400L );
    Assert.assertNotNull( tokenInfo );
}
/**
 * Creates an admin from a user whose password credentials already exist, for example
 * because only the stored form of the password is available.
 *
 * @param organizationId organization passed on to {@code doCreateAdmin}
 * @param user           the admin user entity
 * @param ci             existing password credentials, used as given
 * @return the {@link UserInfo} produced by {@code doCreateAdmin}
 * @throws Exception if credential setup fails
 */
@Override
public UserInfo createAdminFromPrexistingPassword( UUID organizationId, User user, CredentialsInfo ci )
        throws Exception {

    // The plain-text password is never available on this path, so the real Mongo password
    // cannot be derived. The value stored instead is computed from the username and an
    // empty string.
    final CredentialsInfo placeholderMongoCredentials = encryptionService.plainTextCredentials(
            mongoPassword( user.getUsername(), "" ),
            user.getUuid(),
            smf.getManagementAppId() );

    return doCreateAdmin( organizationId, user, ci, placeholderMongoCredentials );
}
// Excerpt from an admin-user lifecycle test; the enclosing method is not shown here.

// Starting state: not activated, and no deactivation value recorded.
assertFalse( user.activated() );
assertNull( user.getDeactivated() );

setup.getMgmtSvc().activateAdminUser( user.getUuid() );

// NOTE(review): `user` is asserted again with no re-read visible in this excerpt;
// presumably the entity is reloaded in lines that are not shown - confirm.
assertTrue( user.activated() );
assertNull( user.getDeactivated() );

// Two access tokens are requested for the same admin user before the account is disabled.
String token1 = setup.getMgmtSvc().getAccessTokenForAdminUser( user.getUuid(), 0 );
String token2 = setup.getMgmtSvc().getAccessTokenForAdminUser( user.getUuid(), 0 );

setup.getMgmtSvc().disableAdminUser( user.getUuid() );

// NOTE(review): the excerpt does not show token1/token2 being used after this point.
// A check that both are rejected once the account is disabled is what would cover
// token revocation.
assertTrue( user.disabled() );
/**
 * Sends the account-confirmation email for an application user.
 *
 * <p>A confirmation token is obtained for the user, placed into the organization's
 * {@code USER_CONFIRMATION_URL} template by {@code buildUserAppUrl}, and the resulting link
 * is given to the email template as {@code confirmation_url}.
 *
 * <p>NOTE(review): the link carries the confirmation token, so anyone who can read the
 * message can confirm the account; token lifetime is decided by the token-issuing code,
 * which is not shown here.
 *
 * @param applicationId application the user belongs to
 * @param user          recipient of the confirmation email
 * @throws Exception if token creation, URL building or sending fails
 */
public void sendAppUserConfirmationEmail( UUID applicationId, User user ) throws Exception {
    final String confirmationToken = getConfirmationTokenForAppUser( applicationId, user.getUuid() );

    final OrganizationConfig organizationConfig = getOrganizationConfigForApplication( applicationId );
    final String urlTemplate = organizationConfig.getFullUrlTemplate( WorkflowUrl.USER_CONFIRMATION_URL );
    final String confirmationUrl = buildUserAppUrl( applicationId, urlTemplate, user, confirmationToken );

    sendAppUserEmail(
            user,
            "User Account Confirmation: " + user.getEmail(),
            emailMsg( hashMap( "confirmation_url", confirmationUrl ), PROPERTIES_EMAIL_USER_CONFIRMATION ) );
}
encryptionService.defaultEncryptedCredentials( newPassword, user.getUuid(), smf.getManagementAppId() ); int passwordHistorySize = calculatePasswordHistorySizeForUser( user.getUuid() ); Map<String, CredentialsInfo> credsMap = cast( em.getDictionaryAsMap( user, CREDENTIALS_HISTORY ) ); Collections.sort( oldCreds ); currentCredentials = readUserPasswordCredentials( smf.getManagementAppId(), user.getUuid(), user.getType() ); .plainTextCredentials( mongoPassword( ( String ) user.getProperty( "username" ), newPassword ), user.getUuid(), smf.getManagementAppId() ) );
// Excerpt from an application-user lifecycle test; the enclosing method is not shown here.

// Starting state: not activated, and no deactivation timestamp recorded.
assertFalse( user.activated() );
assertNull( user.getDeactivated() );

setup.getMgmtSvc().activateAppUser( applicationId, user.getUuid() );

// NOTE(review): `user` is asserted again with no re-read visible in this excerpt;
// presumably the entity is reloaded in lines that are not shown - confirm.
assertTrue( user.activated() );
assertNull( user.getDeactivated() );

// Two access tokens are requested for the same user before deactivation.
String token1 = setup.getMgmtSvc().getAccessTokenForAppUser( applicationId, user.getUuid(), 0 );
String token2 = setup.getMgmtSvc().getAccessTokenForAppUser( applicationId, user.getUuid(), 0 );

setup.getMgmtSvc().deactivateUser( applicationId, user.getUuid() );

// After deactivation the activated flag is cleared and a deactivation value is recorded.
// NOTE(review): the excerpt does not show token1/token2 being used after this point.
// A check that both are rejected after deactivation is what would cover token revocation.
assertFalse( user.activated() );
assertNotNull( user.getDeactivated() );

// The recorded value must lie within [startTime, endTime]; both bounds are set outside
// this excerpt.
assertTrue( startTime <= user.getDeactivated() && user.getDeactivated() <= endTime );
/**
 * With every approval and confirmation requirement switched off, a newly created
 * organization owner must come out activated, confirmed and not disabled.
 */
@Test
public void skipAllEmailConfiguration() throws Exception {

    // Turn off all four approval / confirmation gates.
    setup.set( PROPERTIES_SYSADMIN_APPROVES_ORGANIZATIONS, "false" );
    setup.set( PROPERTIES_ORGANIZATIONS_REQUIRE_CONFIRMATION, "false" );
    setup.set( PROPERTIES_SYSADMIN_APPROVES_ADMIN_USERS, "false" );
    setup.set( PROPERTIES_ADMIN_USERS_REQUIRE_CONFIRMATION, "false" );

    final String orgName = uniqueOrg();
    final String userName = uniqueUsername();
    final String email = uniqueEmail();

    OrganizationOwnerInfo ownerInfo = setup.getMgmtSvc()
            .createOwnerAndOrganization(orgName, userName, "Test User", email, "testpassword");

    // Read the owner back from the management application.
    EntityManager managementEm = setup.getEmf().getEntityManager( setup.getEmf().getManagementAppId() );
    User owner = managementEm.get( ownerInfo.getOwner().getUuid(), User.class );

    assertTrue( owner.activated() );
    assertFalse( owner.disabled() );
    assertTrue( owner.confirmed() );
}
/**
 * Emails an application user their stored PIN.
 *
 * <p>Nothing is sent, and no error is raised, when the user does not exist or has no email
 * address.
 *
 * <p>NOTE(review): the PIN is read back in clear form and placed in the message body, so it
 * is exposed to anything that handles the mail - confirm this is acceptable for the
 * deployments this runs in.
 *
 * @param applicationId application the user belongs to
 * @param userId        UUID of the user to notify
 * @throws Exception if reading the PIN or sending the mail fails
 */
@Override
public void sendAppUserPin( UUID applicationId, UUID userId ) throws Exception {
    final EntityManager appEm = emf.getEntityManager( applicationId );
    final User recipient = appEm.get( userId, User.class );

    if ( recipient == null || recipient.getEmail() == null ) {
        return;
    }

    final String storedPin = getCredentialsSecret( readUserPin( applicationId, userId, recipient.getType() ) );

    sendHtmlMail(
            properties,
            recipient.getDisplayEmailAddress(),
            properties.getProperty(PROPERTIES_MAILER_EMAIL),
            "Your app pin",
            appendEmailFooter(emailMsg(hashMap(USER_PIN, storedPin), PROPERTIES_EMAIL_USER_PIN_REQUEST)));
}
/**
 * Starts the password-reset flow for an application user by emailing a reset link.
 *
 * <p>A password-reset token is obtained for the user and placed into the organization's
 * {@code USER_RESETPW_URL} template by {@code buildUserAppUrl}. The email template receives
 * the finished link and also its parts: the URL template, the user's UUID, the raw token and
 * the application id.
 *
 * <p>NOTE(review): both {@code reset_url} and {@code raw_token} give whoever reads the
 * message the ability to reset the password; token lifetime and single-use behaviour are
 * decided by the token-issuing code, which is not shown here.
 *
 * @param applicationId application the user belongs to
 * @param user          user whose password is to be reset
 * @throws Exception if token creation, URL building or sending fails
 */
@Override
public void startAppUserPasswordResetFlow( UUID applicationId, User user ) throws Exception {
    final String resetToken = getPasswordResetTokenForAppUser( applicationId, user.getUuid() );

    final OrganizationConfig organizationConfig = getOrganizationConfigForApplication( applicationId );
    final String urlTemplate = organizationConfig.getFullUrlTemplate( WorkflowUrl.USER_RESETPW_URL );
    final String resetUrl = buildUserAppUrl( applicationId, urlTemplate, user, resetToken );

    // Values made available to the email template.
    Map<String, String> templateValues = hashMap( "reset_url", resetUrl )
            .map( "reset_url_base", urlTemplate )
            .map( "user_uuid", user.getUuid().toString() )
            .map( "raw_token", resetToken )
            .map( "application_id", applicationId.toString() );

    sendHtmlMail(
            properties,
            user.getDisplayEmailAddress(),
            properties.getProperty( PROPERTIES_MAILER_EMAIL ),
            "Password Reset",
            appendEmailFooter( emailMsg( templateValues, PROPERTIES_EMAIL_USER_PASSWORD_RESET ) ) );
}